| 2.1 Ensure that IP addresses are mapped to usernames | CIS Palo Alto Firewall 10 v1.2.0 L2 | Palo_Alto | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.3.3 Ensure session initiation information is collected - auditctl utmp | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.3 Ensure session initiation information is collected - utmp | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.12 Ensure login and logout events are collected | CIS Fedora 28 Family Linux Server L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.3.13 Ensure login and logout events are collected - /var/log/lastlog | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.8 Ensure login and logout events are collected - auditctl faillog | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.8 Ensure login and logout events are collected - auditctl tallylog | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.8 Ensure login and logout events are collected - lastlog | CIS Debian 8 Server L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.8 Ensure login and logout events are collected - tallylog | CIS Debian 8 Server L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.8 Ensure session initiation information is collected | CIS SUSE Linux Enterprise 15 Server L2 v1.1.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure login and logout events are collected - auditctl faillog | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure login and logout events are collected - auditctl faillog | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure login and logout events are collected - auditctl lastlog | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure login and logout events are collected - auditctl lastlog | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure login and logout events are collected - auditctl tallylog | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure login and logout events are collected - auditctl tallylog | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure login and logout events are collected - faillog | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure login and logout events are collected - faillog | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure login and logout events are collected - lastlog | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure login and logout events are collected - lastlog | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure login and logout events are collected - tallylog | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure login and logout events are collected - tallylog | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure session initiation information is collected - auditctl /var/log/btmp | CIS Debian 8 Server L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure session initiation information is collected - auditctl /var/log/wtmp | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure session initiation information is collected - auditctl /var/run/utmp | CIS Debian 8 Server L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.9 Ensure session initiation information is collected - auditctl /var/run/utmp | CIS Debian 8 Workstation L2 v2.0.2 | Unix | AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure session initiation information is collected - auditctl btmp | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure session initiation information is collected - auditctl btmp | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure session initiation information is collected - auditctl utmp | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure session initiation information is collected - auditctl utmp | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure session initiation information is collected - auditctl wtmp | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure session initiation information is collected - auditctl wtmp | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure session initiation information is collected - btmp | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure session initiation information is collected - btmp | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure session initiation information is collected - utmp | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure session initiation information is collected - utmp | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure session initiation information is collected - wtmp | CIS Distribution Independent Linux Workstation L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 4.1.10 Ensure session initiation information is collected - wtmp | CIS Distribution Independent Linux Server L2 v2.0.0 | Unix | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 5.2.3.12 Ensure login and logout events are collected | CIS Amazon Linux 2 v3.0.0 L2 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.12 Ensure login and logout events are collected | CIS Debian 10 Workstation L2 v2.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.12 Ensure login and logout events are collected | CIS Oracle Linux 8 Server L2 v3.0.0 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.12 Ensure login and logout events are collected | CIS Ubuntu Linux 20.04 LTS Workstation L2 v2.0.1 | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.12 Ensure login and logout events are collected | CIS Ubuntu Linux 18.04 LTS v2.2.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 5.2.3.12 Ensure login and logout events are collected | CIS Red Hat Enterprise Linux 7 v4.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.12 Ensure login and logout events are collected | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Workstation | Unix | AUDIT AND ACCOUNTABILITY |
| 6.2.3.12 Ensure login and logout events are collected | CIS Ubuntu Linux 24.04 LTS v1.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 6.3.3.12 Ensure login and logout events are collected | CIS Rocky Linux 9 v2.0.0 L2 Server | Unix | AUDIT AND ACCOUNTABILITY |
| 17.1.1 (L1) Ensure 'Audit Credential Validation' is set to 'Success and Failure' | CIS Microsoft Windows 8.1 v2.4.1 L1 Bitlocker | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 17.1.1 Ensure 'Audit Credential Validation' is set to 'Success and Failure' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY |
| 17.5.3 Ensure 'Audit Logon' is set to 'Success and Failure' | CIS Microsoft Windows 8.1 v2.4.1 L1 | Windows | ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION |
